binance-token-audit

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external contract addresses provided by users and displays data from an external API. This is a common characteristic of tools that ingest external content.
    • Ingestion points: Contract addresses provided in user prompts and audit result fields from web3.binance.com.
    • Boundary markers: No explicit delimiters or instructions to treat external data as untrusted are specified in the instructions.
    • Capability inventory: The skill performs network POST requests to an external API.
    • Sanitization: No explicit sanitization or validation of the API response data is documented.
  • [SAFE]: The skill makes network requests to an official and well-known Binance domain (web3.binance.com) and references a public Binance GitHub repository. These activities are consistent with the skill's stated purpose and do not represent a security risk.
  • [NO_CODE]: The skill does not contain any executable scripts, binaries, or automated code; it consists entirely of markdown instructions and API endpoint definitions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:15 AM
Security Audit — agent-trust-hub — binance-token-audit